This page does not serve as legal advice. Please determine together with your legal advisor how GDPR applies to your business.
What is UK GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) privacy law that allows EU citizens and residents to have access and control over their personal data.
In 2018, the UK Government adopted the EU (Withdrawal) Act to prepare the country to leave the European Union. This Act incorporates several EU laws into UK domestic law. As part of the UK leaving the EU, the GDPR was incorporated into UK domestic law. The European Court of Justice enforced it in the UK until 31 December 2020.
At the beginning of 2021, the UK legal system expelled the European Union GDPR and replaced it with the UK's GDPR. The UK and EU versions of GDPR are pretty much identical, with the UK government having replaced references to things like the European Parliament with UK institutions.
What is the Data Protection Act 2018?
Think of the UK GDPR as the overarching framework for data protection in the UK. The Data Protection Act 2018 is the specific UK law that brings the GDPR into effect and adds extra rules and details relevant to the UK context, particularly for areas like law enforcement and national security.
Is Dentascribe GDPR and DPA Compliant?
Yes. Dentascribe is based in the United Kingdom and complies with the Data Protection Act and GDPR frameworks.
These are the measures we took:
- We are registered with the Information Commissioner's Office (ICO).
- Our privacy policy gives you more information about what data we collect, data retention and transfers, and outlines your data protection rights (Articles 12, 13).
- We only collect data that is necessary for providing our services to you (data minimisation). This principle is specifically stated in Article 5.
- You have full control of the information you collect, store and manage with Dentascribe.
- External processing of patient data is opt-in. If you choose to sync your notes to the cloud, the data is encrypted before it leaves your device, and is stored in the UK. We do not store audio or live appointment recording transcripts.
- We have a Data Processing Agreement available for you (Article 28).
- We have an independent Data Protection Officer (Articles 37, 38, 39).
- We carry out staff training needs analysis and data protection and GDPR audits.
- For more information, please consult our privacy policy.
Do you have a Data Processing Agreement?
When you sign up to Dentascribe, you agree to the content of our Data Processing Agreement and to be bound by it. It is not necessary to sign this document.
If you would like to sign a DPA on behalf of your dental practice or organisation, we provide a Data Processing Agreement. Contact us at contact@dentascrribe.uk if you would like to sign the DPA.
What happens with patient data?
Dentascribe is the provider of an AI notes and documentation service, and not the owner of the patient data entered into Dentascribe. The user is responsible for the data they collect and is thus the data controller of the respondent data. Dentascribe is the processor and stores information on your behalf. As long as your account is active, you (as the data controller) have full control over the data you collect and the time period for which you store the data.
- You are able to delete patient data from your account if you are required to do so.
- We honor all deletions, and all patient data which has been deleted by you is permanently deleted from our back-ups within 7 days.
How do you use my personal data?
Dentascribe acts as a data controller in the relationship between Dentascribe and our customers (users), for the personal information you give us in order to use our service (registration information for example). Dentascribe does not sell personal data to third parties or for serving advertisements.
We only share your information with our service providers who help us operate our business, in which case those third parties are required to comply with the GDPR framework.
Sub-processors
Name | Description | Country | May process patient data | Link |
---|---|---|---|---|
Vercel | Hosting | 🇺🇸 | Yes (opt-in: live appointment recording) | Learn more |
Supabase | Database, Auth, Edge functions | 🇺🇸 (Server: 🇬🇧) | Yes (opt-in: synced notes) | Learn more |
Resend | | 🇺🇸 | No | Learn more |
SignNow | Electronic signatures | 🇺🇸 | No | Learn more |
Mixpanel | Analytics | 🇺🇸 (Data residency: 🇪🇺) | No | Learn more |
Stripe | Payments | 🇺🇸 | No | Learn more |
OpenAI | AI Generation | 🇺🇸 | Yes (opt-in: live appointment recording) | Learn more |
Groq | AI Generation | 🇺🇸 | Yes (opt-in: live appointment recording) | Learn more |